(54) Communication system and communication method

(57) A communication system includes a first network (104) on which a file server (103) and an access point (102) are connected via a first communication link and a second network (114) on which the access point (102) and a terminal (101) are connected via a second communication link. The terminal (101) establishes a connection with the access point (102) to access the file server (103). The file server (103) stores a file to be downloaded. The terminal (101) accesses the file server (103) through the access point (102) to request the file. The terminal (101) then selects a download process from one of a foreground process, background process and postponement process, and executes the download process to download the file from the file server (103).



FIG. 1 [block diagram: terminal (101), wired/wireless network (114), access point (102), communication network (104), file server (103)]


Printed by Jouve, 75001 PARIS (FR) 



EP 1 335 564 A2



Description 

[0001] The present invention relates to download control in a communication system; more particularly, the present invention relates to a communication system and method of controlling a process for downloading a security measure file.

[0002] With the development of network technologies in recent years, many PCs (personal computers) are connected to networks. Accordingly, damage due to computer viruses has increased, and security measures have gained importance.

[0003] As security measures for PCs, security software such as an anti-virus program or the like is normally installed in a PC. Also, it is indispensable for security measures for PCs to apply a security patch or the like that fixes bugs of an OS (Operating System) and applications.

[0004] Jpn. Pat. Appln. KOKAI Publication No. 2001-159975 discloses an anti-virus method that executes an anti-virus program periodically, and updates the anti-virus program itself if its version is not the latest one. Taking, as an example, one of the anti-virus programs which run on PCs, a terminal updates an automatic update program to access a data file distribution server so as to get a data file of the latest version upon connection to a network.

[0005] The size of an anti-virus program and the data size of an update difference of a data file used by that program are steadily increasing. When PCs are connected via a wired LAN, a sufficiently broad communication band can be assured. In this case, the time required for an update process for the program and data file is short. The update process can be done without stress before the user starts a communication.

[0006] When a wireless communication is conducted using a wireless LAN, portable phone, or the like, or when a wired communication is conducted based on dial-up access, a communication band broad enough for the update process cannot always be assured. Hence the update process is executed while a sufficient communication band cannot be assured. It is time-consuming, and the user gets tired of waiting for the result of the update process.

[0007] As a solution to this problem, in a security measure method proposed by Jpn. Pat. Appln. KOKAI Publication No. 2001-256045, the terminal does not take any security measures other than communications via a security server. Packets addressed to the terminal are received by the security server and analyzed to check and remove viruses. This security measure method does not require any update process on the terminal side, and does not cause any problem of the communication bandwidth.

[0008] However, since the security server bears a heavy load in this method, if the number of terminals increases, the processing performance of the security server itself cannot catch up, and the available communication bandwidth is narrowed down. Also, when the security server breaks down due to overloads imposed by, e.g., so-called DoS (Denial of Service) attacks, communications may be interrupted.

[0009] Therefore, it is desirable to take security measures not only in the security server but also in respective terminals.

[0010] It is, therefore, an object of the present invention to provide a security measure method and system, which can update security software and a data file installed in a terminal such as a PC, portable phone, or the like by an optimal method corresponding to a communication bandwidth without impairing user's convenience.

[0011] In order to achieve the above object, a download control method in a communication system is provided. The system includes a first network on which a file server and an access point are connected via a first communication link and a second network on which the access point and a terminal are connected via a second communication link. The terminal establishes a connection with the access point to access a file on the file server. The download control method comprises accessing the file server from the terminal through the access point to request the file, selecting a download process from one of a foreground process, background process and postponement process, and executing the download process to download the file from the file server to the terminal.

[0012] This summary of the invention does not necessarily describe all necessary features so that the invention may also be a sub-combination of these described features.

[0013] The invention can be more fully understood from the following detailed description when taken in conjunction with the accompanying drawings, in which:

FIG. 1 is a block diagram depicting a schematic arrangement of a communication system according to first, second, and third embodiments of the present invention;

FIG. 2 is a flow chart of a pattern file update process in a terminal in the communication system according to the first embodiment;

FIG. 3 is a view for explaining changes in frequency band for another program and in that for an update process by bandwidth control;

FIG. 4 is a flow chart of a pattern file update process in a terminal in the communication system of the second embodiment;

FIG. 5 is a flowchart of a pattern file update process in a terminal in the communication system of the third embodiment;

FIG. 6 is a chart for explaining communications between the terminal and a file server in the communication system of the third embodiment;

FIG. 7 is a block diagram for explaining the arrangement of a communication system of the fourth embodiment;

FIG. 8 is a diagram for explaining communications between a terminal and external server via a screening server in the communication system of the fourth embodiment; and

FIG. 9 is a flow chart of a pattern file update process in the terminal in the communication system of the fourth embodiment.

(First Embodiment) 

[0014] With reference now to FIG. 1, there is shown a block diagram depicting a schematic arrangement of a communication system according to a first embodiment of the present invention.

[0015] A communication system according to this embodiment includes a terminal 101 that the user uses, an access point 102 which communicates with the terminal 101 via a wired/wireless network 114, a file server 103 which provides a data file of security software and the like to the terminal 101, and a communication network 104 which couples the access point 102 and file server 103.

[0016] The terminal 101 is a computer which can execute a program for security measures, and can make a wired or wireless communication. The terminal 101 may be any one of a desktop PC, notebook PC, portable terminal (PDA or the like), and portable phone.

[0017] In the terminal 101, an anti-virus program that takes measures against a computer virus (to be simply referred to as "virus" hereinafter) has been installed in advance as security software upon purchasing the terminal 101. The anti-virus program finds and removes a virus which is about to invade or has invaded a computer on the basis of data stored in an anti-virus data file (to be referred to as a "pattern file" hereinafter). The terminal 101 executes an update process of the pattern file included in the anti-virus program, and updates it to the latest one so as to be able to take measures against the latest viruses.

[0018] The access point 102 communicates with the terminal 101 via a wired or wireless communication. The terminal 101 communicates with other computers on the network via the access point 102. The access point 102 may be a gateway server or router in a LAN environment. The access point 102 may be a modem, gateway server, and authentication server on the provider side in case of a provider. Also, the access point 102 may be a base station if the terminal 101 is a portable phone.

[0019] The file server 103 stores the latest pattern file and the like. An update server program runs on the file server 103. This program provides a remote service that transmits information of the latest version number or the like of the pattern file and the latest pattern file itself to the terminal 101 in accordance with a request from the terminal 101.

[0020] Since the pattern file which has been installed in the terminal 101 before shipping (or upon purchase) cannot cope with the latest viruses, it must be updated continually.

[0021] Referring to FIG. 2, there is shown a flow chart for explaining a pattern file update process. This process is executed by the terminal 101.

[0022] Before the pattern file update process, the terminal 101 establishes a communication with the access point 102 (step S1). This process includes an assignment of an IP address and the like to allow communications on the TCP/IP level.

[0023] After a communication between the terminal 101 and access point 102 is established, the terminal 101 temporarily inhibits communications by programs other than the anti-virus program, to prevent virus acquisition during the update process. Note that this step may be omitted.

[0024] The terminal 101 requests the file server 103 to send the latest version number of the pattern file. The latest version number of the pattern file stored in the file server 103 is compared with the version number of the pattern file currently installed in the terminal 101 (step S2).

[0025] If the two version numbers match, i.e., the terminal 101 currently has the pattern file of the latest version, the update process need not be executed. The flow then proceeds to step S3. In step S3, communications by programs other than the anti-virus program are started. The same applies if the version number of the pattern file in the file server 103 is older than the version number of the current pattern file in the terminal 101.

[0026] If a pattern file newer than that of the terminal 101 is present in the file server 103, the terminal 101 presents update process plans of the pattern file to the user and prompts him or her to select one of them (step S4). The "update process plans" refer to the timing for initiating an update process or to the manner in which an update process is executed. In the embodiments of the present invention, the plans include, but are not limited to, at least three plans, e.g., "update now", "update in background", and "not update".

[0027] The user who wants to preferentially take security measures even if the update process of the pattern file is time-consuming can select "update now" in step S4. In this case, the update process is executed immediately at step S5. All other communications are interrupted until the update process is completed. Hence, the terminal 101 is prevented from getting viruses even when new viruses that the old pattern file cannot cover are widespread on the network. Upon completion of the update process, communications by other programs are permitted. The step S5 comprises step S51 of downloading the latest pattern file, step S52 of updating a pattern file currently used in the terminal 101 with the latest pattern file, and step S53 of permitting and starting communications by other programs.

[0028] On the other hand, the user who wants to start communications immediately can select "not update" (step S4). In this option, flow proceeds to step S3, and communications by other programs are permitted immediately. Although sufficiently high security is not assured for this option, it is effective when a communication time is very short (e.g., when the user wants to send only one mail message) and a security problem is hardly expected to occur.

[0029] The user who wants to start a communication immediately and also assure certain security can select "update in background" (step S4). If this option is selected, flow proceeds to step S6, wherein a background update process is executed, and communications by other programs are permitted immediately. Security during the update process of the pattern file cannot be assured for this option, but high security can be assured after the update process and, in many cases, sufficiently high security can be assured. If the user is to finish a communication before completion of the update process of the pattern file, a message indicating that a communication will be automatically terminated after completion of the update process of the pattern file is displayed, and the update process continues.

[0030] Upon executing the background update process, if the full communication bandwidth between the terminal 101 and access point 102 is occupied by the pattern file update process, user's convenience is impaired because the communication speed of other programs gets low. The bandwidth is controlled during steps S61 to S63, so that the pattern file update process occupies a partial communication bandwidth, and the remaining bandwidth is open to communications by other programs.

[0031] Note that the term "bandwidth" refers to the one which is used by the terminal 101 in a communication with the access point 102 via the wired/wireless network 114 as shown in FIG. 1. Whether the bandwidth is broad or narrow corresponds to whether the communication speed is high or low. In other words, the broader the communication bandwidth, the higher the communication speed, as the amount of data transmitted per unit of time is increased.

[0032] In step S61, the communication bandwidth occupied for use in the pattern file update process may be dynamically controlled. For example, the bandwidth may be controlled in accordance with a proportion of bandwidth occupied for communications by other programs within the entire communication bandwidth, as is understood from FIG. 3. In more detail, the following control is made. The use ratio of a bandwidth assured for communications by other programs is monitored during the period of downloading the pattern file. If the use ratio is lower than a first predetermined threshold value, a communication bandwidth assigned to the pattern file update process is temporarily increased. Note that a predetermined minimum bandwidth is assured all the time for other programs. Conversely, if the use ratio is higher than a second threshold value (larger than the first threshold value), a communication bandwidth assigned to the pattern file update process is decreased (a minimum bandwidth assigned to the pattern file update process is assured all the time).

[0033] An alternative bandwidth control may be a collaboration with the file server 103, serving as a source of pattern files. For example, the terminal 101 informs, at given time intervals, the file server 103 of information indicative of a communication bandwidth to be assigned to the pattern file update process. The file server 103 adjusts the packet amount per unit of time to be sent to the terminal 101 according to the reported information.

[0034] The bandwidth control method varies depending on a transmission method over a wired/wireless network 114 through which the terminal 101 and access point 102 are connected. For example, if a communication medium of the network 114 is wireless, and a wireless transmission method based on TDMA (Time Division Multiple Access) is employed, the following implementation may be adopted. That is, the bandwidth control of a wireless section is made by controlling the number of slots assigned to the pattern file update process, and that to be assigned to other programs, thus consequently adjusting the packet amount per unit of time to be sent from the file server 103.

[0035] Alternatively, if a wireless transmission method based on FDMA (Frequency Division Multiple Access) or CDMA (Code Division Multiple Access) is employed, the bandwidth control may be implemented by controlling the number of channels to be assigned to the pattern file update process (the number of frequency bands in case of FDMA; the number of codes in case of CDMA).

[0036] If CSMA (Carrier Sense Multiple Access) is employed as a transmission method for a wireless section, the bandwidth control may be implemented by controlling the priority of a back-off process between the pattern file update process data and data for other programs.

[0037] Note that the bandwidth control is not limited to the aforementioned methods, and any other methods may be used.
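The two-threshold control of paragraph [0032] can be sketched as follows. This is an added example, not code from the patent; the link capacity, thresholds, step size, floors and demand trace are constructed values, and one control interval is assumed to last one second.

```python
"""Two-threshold bandwidth split between a pattern-file download and other traffic."""
from dataclasses import dataclass

# Constructed sample: bandwidth demanded by other programs in each interval (kbit/s).
DEMAND_TRACE = [50, 50, 50, 50, 900, 900, 900, 900, 900, 400]


@dataclass(frozen=True)
class Policy:
    total: int = 1000       # link capacity in kbit/s (constructed value)
    low: float = 0.3        # first threshold on the other programs' use ratio
    high: float = 0.8       # second threshold, larger than the first
    step: int = 100         # kbit/s moved per adjustment (assumed)
    min_update: int = 100   # floor always kept for the update process
    min_other: int = 200    # floor always kept for other programs

    def __post_init__(self):
        if not 0 <= self.low < self.high <= 1:
            raise ValueError("need 0 <= low < high <= 1")
        if self.min_update <= 0 or self.min_other <= 0:
            raise ValueError("both floors must be positive")
        if self.min_update + self.min_other > self.total:
            raise ValueError("floors exceed link capacity")


def adjust(update_bw: int, other_demand: int, p: Policy) -> int:
    """Return the update process's share for the next interval."""
    other_bw = p.total - update_bw
    # Use ratio of the bandwidth currently reserved for other programs.
    use_ratio = min(other_demand, other_bw) / other_bw
    if use_ratio < p.low:
        # Other programs are mostly idle: lend bandwidth to the update,
        # but never take their guaranteed minimum.
        return min(update_bw + p.step, p.total - p.min_other)
    if use_ratio > p.high:
        # Other programs are saturated: hand bandwidth back,
        # but never drop below the update's guaranteed minimum.
        return max(update_bw - p.step, p.min_update)
    return update_bw  # between the thresholds: hold the current split


def simulate(demand_trace, file_kbit, p=Policy(), start=500):
    """Run the controller over a demand trace.

    Returns (shares, finished_at): the update share used in each interval and
    the 1-based interval in which the download completed (None if it did not).
    """
    if not p.min_update <= start <= p.total - p.min_other:
        raise ValueError("starting share violates a floor")
    update_bw, remaining, shares, finished_at = start, file_kbit, [], None
    for tick, demand in enumerate(demand_trace, start=1):
        shares.append(update_bw)
        remaining -= update_bw  # kbit transferred in this one-second interval
        if remaining <= 0:
            finished_at = tick
            break
        update_bw = adjust(update_bw, demand, p)
    return shares, finished_at


if __name__ == "__main__":
    shares, done = simulate(DEMAND_TRACE, file_kbit=5000)
    print("update share per interval:", shares)
    print("download finished in interval:", done)
```

With a fixed 500 kbit/s share the same 5000 kbit file would need ten intervals; the gap between the two thresholds keeps the split from oscillating when the other programs' load sits near a single cut-off.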

[0038] In this embodiment, the pattern file is updated after a communication on the TCP/IP level is established. However, the communication on the TCP/IP level is not always indispensable. For example, if the access point 102 and file server 103 are integrated, the pattern file update process may be made in process of communication establishment based on TCP/IP.

[0039] According to the first embodiment described above, even when the pattern file update process is time-consuming, the user can select in advance the way to download a pattern file, thereby avoiding user's convenience being impaired.

[0040] Note that it is preferable that the time required for downloading the pattern file is reported to the user, as an aid in deciding an update process plan of the pattern file. The time required may be approximated as follows. At a suitable occasion, e.g., when the file server 103 is queried about the version of the latest pattern file, the server 103 reports the size of the latest pattern file in addition to its version to the terminal 101. The time required can be calculated by the terminal 101 from the file size of the pattern file and the known communication speed.

(Second Embodiment) 

[0041] Since the arrangement of a communication system according to the second embodiment of the present invention is substantially the same as that in the first embodiment, only a difference will be explained below. The difference from the first embodiment is a pattern file update process. The process is automatically planned without any user operation.

[0042] With reference now to FIG. 4, there is depicted a flow chart for explaining the pattern file update process in this embodiment.

[0043] The same process as in the first embodiment is executed until the terminal 101 establishes a communication with the access point 102, and accesses the file server 103 to confirm the latest version number of the pattern file (steps S1 and S2).

[0044] If the version of the pattern file of the terminal 101 is older than that of the file server 103, the terminal 101 checks a communication speed between the terminal 101 and the access point 102. The value of a communication speed may be measured in each case or predetermined. In step S4, a pattern file update process plan is determined in accordance with the communication speed.

[0045] If the communication speed exceeds a predetermined threshold value, since it is determined that the communication bandwidth is broad enough to make a communication for a pattern file update process, an immediate update process is executed (step S5).

[0046] If the communication speed is equal to or smaller than the predetermined threshold value, since it is determined that the communication bandwidth is not enough to execute a pattern file update process, a background update process is executed (step S6). Note that the immediate update process may be executed in place of the background update process even if the communication speed is equal to or smaller than the predetermined threshold value, in the case where the size of the latest pattern file is tiny.

[0047] Furthermore, an estimated time required to update the pattern file may be displayed so that the user may select a pattern file update process plan as in the first embodiment. Also, an update process plan may be automatically determined based on a threshold value, which is set in advance by the user.

[0048] As described above, according to the second embodiment, the terminal 101 automatically determines a pattern file update process plan without the user's intervention. In addition to the advantage equivalent to that of the first embodiment, operability can be improved.



(Third Embodiment)

[0049] Since the arrangement of a communication system according to the third embodiment of the present invention is substantially the same as that in the second embodiment, only a difference will be explained below. The difference from the second embodiment is that the pattern file update process plan is determined while classifying pattern files in detail according to the version number and the urgent level thereof.

[0050] With reference now to FIG. 5, there is depicted a flowchart for explaining the pattern file update process in this embodiment.

[0051] The same process as in the first and second embodiments is executed until the terminal 101 establishes a communication with the access point 102 (steps S1 and S2).

[0052] The terminal 101 updates the pattern file according to a message sequence with the file server 103, as shown in FIG. 6.

[0053] The terminal 101 accesses the file server 103 to request latest pattern file information M1. The information M1 indicates the latest version number of the pattern file, its urgent level, and the most recent critical version number. This parameter "urgent level" is set, for each pattern file, by a person such as a network administrator or the like, who installed the pattern file in the file server 103. The urgent level is set high when the pattern file is released to cope with an extremely malicious virus and the administrator wants to make respective terminals update immediately. Otherwise, a low urgent level is set. The number of urgent levels is not particularly limited, but the following description will be given using two levels (high level or low level). The urgent level and most recent critical version number are described in a critical file which is prepared to have the same name as but a different extension from a pattern file. However, the present invention is not limited to such a file.

[0054] As shown in FIG. 6, the file server 103 replies with a message M2 which indicates the latest version number (VERSION field in FIG. 6) of the pattern file, the urgent level (URGENT-LEVEL field) of the pattern file, and the most recent critical version number (CRITICAL-VERSION field), in response to the request of pattern file information M1 from the terminal 101.

[0055] If the pattern file of the terminal 101 is older than that distributed by the file server 103, the pattern file should be updated. The terminal 101 checks the communication speed between the terminal 101 and the access point 102. In step S4, the terminal 101 selects an update process plan by comparing the communication speed with two threshold values T1 and T2 (T1 > T2).

[0056] If the communication speed between the terminal 101 and access point 102 is larger than the threshold value T1, the terminal 101 executes an immediate update process (step S7).

[0057] If the communication speed between the terminal 101 and access point 102 is smaller than the threshold value T2, the terminal 101 executes a background update process (step S8). In this step S8, the bandwidth control is done as in the second embodiment so as not to impair user's convenience. Note that the immediate update process may be executed in place of the background update process even if the communication speed is equal to or smaller than the threshold value T2, in the case where the size of the latest pattern file is tiny.

[0058] If the communication speed between the terminal 101 and access point 102 falls within the range between the threshold values T1 and T2, the terminal 101 classifies cases using the most recent critical version number (step S5). That is, if the version number of the pattern file of the terminal 101 is smaller than the most recent critical version number, since it is determined that the pattern file has not been updated with the one having the high urgent level, the terminal 101 executes an immediate update process (step S7).

[0059] If the version number of the pattern file of the terminal 101 is larger than the most recent critical version number, the terminal 101 further classifies cases using the urgent level of the latest pattern file (step S6). If the urgent level of the latest pattern file is high, since the terminal 101 is at high risk of acquiring a virus, the terminal 101 executes an immediate update process (step S7). On the other hand, if the urgent level of the latest pattern file is low, since the risk of acquiring a virus is not so high, the terminal 101 executes a background update process (step S8). In this case, the bandwidth control is executed as in the above case so as not to impair user's convenience. Note that the immediate update process may be executed in place of the background update process even if the urgent level of the latest pattern file is low, in the case where the size of the latest pattern file is tiny.
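The plan selection of paragraphs [0053] to [0059] can be sketched as follows. This is an added example, not code from the patent. Assumptions: M2 is rendered as "FIELD: value" lines, version numbers are integers, a SIZE field (hypothetical name) carries the file size, the "tiny" cut-off is 64 KiB, a speed exactly equal to T1 counts as inside the middle range, and a local version equal to the critical version counts as not missing it. Malformed metadata is rejected rather than guessed at.

```python
"""Update-plan selection from the M2 fields (steps S4 to S8, third embodiment)."""
from dataclasses import dataclass
from enum import Enum

# Constructed sample of message M2 in an assumed "FIELD: value" rendering.
M2_SAMPLE = "VERSION: 120\nURGENT-LEVEL: low\nCRITICAL-VERSION: 115\nSIZE: 4000000\n"


class Plan(Enum):
    NONE = "no update"
    IMMEDIATE = "immediate update (step S7)"
    BACKGROUND = "background update (step S8)"


@dataclass(frozen=True)
class PatternInfo:
    version: int            # VERSION field
    urgent_high: bool       # URGENT-LEVEL field, two levels as in the text
    critical_version: int   # CRITICAL-VERSION field
    size_bytes: int         # SIZE: hypothetical field name for the reported size


def parse_m2(text: str) -> PatternInfo:
    """Parse the assumed text form of M2 and reject anything malformed."""
    fields = {}
    for line in text.strip().splitlines():
        name, sep, value = line.partition(":")
        name = name.strip()
        if not sep or name in fields:
            raise ValueError(f"malformed or duplicate field: {line!r}")
        fields[name] = value.strip()
    try:
        level = fields["URGENT-LEVEL"].lower()
        info = PatternInfo(int(fields["VERSION"]), level == "high",
                           int(fields["CRITICAL-VERSION"]), int(fields["SIZE"]))
    except (KeyError, ValueError) as exc:
        raise ValueError(f"invalid M2 message: {exc}") from None
    if level not in ("high", "low"):
        raise ValueError("URGENT-LEVEL must be high or low")
    # Assumed sanity rule: the most recent critical release cannot be newer
    # than the latest release, and the size must be positive.
    if not 0 <= info.critical_version <= info.version or info.size_bytes <= 0:
        raise ValueError("inconsistent version or size fields")
    return info


def select_plan(local_version, info, speed, t1, t2, tiny_bytes=64 * 1024):
    """Return the Plan for a terminal holding local_version at the given speed."""
    if t1 <= t2:
        raise ValueError("T1 must be larger than T2")
    if info.version <= local_version:
        return Plan.NONE                  # already current, or server copy is older
    if speed > t1:
        return Plan.IMMEDIATE             # link is fast enough
    if speed > t2:                        # T2 < speed <= T1: classify further
        if local_version < info.critical_version:
            return Plan.IMMEDIATE         # S5: a critical release was missed
        if info.urgent_high:
            return Plan.IMMEDIATE         # S6: the latest release is urgent
    # Slow link, or a non-urgent release on a medium link: background update,
    # unless the file is small enough to fetch at once.
    return Plan.IMMEDIATE if info.size_bytes <= tiny_bytes else Plan.BACKGROUND


if __name__ == "__main__":
    info = parse_m2(M2_SAMPLE)
    for local, speed in [(120, 50), (110, 5000), (110, 1000), (117, 1000), (110, 50)]:
        print(local, speed, select_plan(local, info, speed, t1=2000, t2=200).value)
```

On a link at or below T2 the text selects the background update even when the terminal has missed a critical release, so the terminal stays exposed to the virus that release addresses until the download completes.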

[0060] In this embodiment, the terminal 101 checks the communication bandwidth. Alternatively, the access point 102 may check the communication bandwidth and inform the terminal 101 of it.

[0061] In this embodiment, an update process plan is automatically selected. More preferably, a mode that allows a user to make the selection after information obtained from the file server 103 is displayed, and a mode that automatically selects a plan on the basis of a threshold value set by the user may be prepared for power users.

[0062] Also, a message indicating that the update process of the pattern file is in progress is preferably sent to the user so as not to impair user's convenience.

[0063] As described above, according to the third embodiment, since the pattern file update process plan is determined based on detailed information such as the urgent level of the pattern file, high-level security measures can be taken without impairing user's convenience.



(Fourth Embodiment) 

[0064] With reference now to FIG. 7, there is depicted a block diagram for explaining the arrangement of a communication system according to the fourth embodiment of the present invention.

[0065] A communication system according to the fourth embodiment comprises a screening server 105 and external server 106, in addition to the arrangement shown in FIG. 1.

[0066] Since the communication system according to this embodiment is similar to the arrangement of the communication system of the second embodiment, only differences will be explained.

[0067] The screening server 105 is a server running a program that analyzes input communication packets to remove viruses and the like, and outputs virus-free packets.

[0068] The external server 106 is a computer which communicates with the terminal 101 like an HTTP server, FTP server, or the like, but may often be a computer terminal which may be operated by a cracker to make malicious access to the terminal 101.

[0069] The operation of the screening server 105 will be briefly explained below with reference to FIG. 8. FIG. 8 depicts the flow of packets between the terminal 101, the screening server 105, and the external server 106.

[0070] The terminal 101 communicates with the external server 106 via the screening server 105. In general, since outgoing packets from the terminal 101 to the external server 106 do not influence the security of the terminal 101 itself, they can be directly sent to the external server 106 without the intervention of the screening server 105, or the screening server 105 can simply relay them like a normal proxy server or router.

[0071] In contrast, outgoing packets from the external server 106 to the terminal 101 may influence the security of the terminal 101. Hence, the screening server 105 temporarily receives such packets and analyzes them to see if hazardous data such as a virus or the like is contained. If such data is contained, the server 105 removes it or discards the packet itself. Then, the server 105 sends only secure packets to the terminal 101.

[0072] It is preferable that the user can determine whether a communication between the terminal 101 and the external server 106 goes through the screening server 105. During communications via the screening server 105, all packets sent from external computers to the terminal 101 are temporarily received by the screening server 105, and are re-sent to the terminal 101 after a virus and the like are removed from these packets.

[0073] To construct a local communication path between the terminal 101 and screening server 105, a technique such as MobileIP (see IETF RFC2002) or the like that implements mobility may be used. Using MobileIP, packets which are headed from the terminal 101 to the external server 106 directly reach the external server 106 without the intervention of the screening server 105, but packets which are headed from the external server 106 to the terminal 101 reach the terminal 101 via the screening server 105.

[0074] FIG. 9 depicts a flow chart for explaining the 
pattern file update process in this embodiment. 
[0075] This embodiment supports communications 
via the screening server 1 05 unlike the above described 
first, second, and third embodiments. 
[0076] As in the second embodiment, the terminal 1 01 
establishes a communication with the access point 1 02 
(step S1 ), and checks if its pattern file has the latest ver- 
sion (step S2), If it is determined that the pattern file is 
not the latest one, the terminal 1 01 checks the commu- 
nication speed between the terminal 101 and the access 
point 1 02, and determines a pattern file update process 
plan. 

[0077] If it is determined in step S2 that the pattern file is the latest one, no pattern file update process is required. However, a communication via the screening server 105 may be made if very high security is required. Thus, the terminal 101 displays a message on the screen to prompt the user to select if the screening server 105 is used (step S3). If the user selects "use", the terminal 101 initiates a communication via the screening server 105 (step S4); if he or she selects "not use", the terminal 101 initiates a normal communication during which the screening server 105 is not used (step S5).
[0078] If the pattern file in the terminal 101 is not the latest one, it must be updated. Hence, the terminal 101 checks the communication speed with the access point 102 (step S6).

[0079] If the communication speed is larger than a predetermined threshold value, the terminal 101 executes an immediate update process (step S7), and starts communications by other programs after completion of the pattern file update process.
[0080] If the communication speed is smaller than the predetermined threshold value, the terminal 101 displays a message on a screen to prompt the user to select if the screening server 105 is used (step S8). If the user selects "use", the terminal 101 executes a background update process, and makes other communications which are made during the pattern file update process via the screening server 105 (step S9). Note that the immediate update process may be executed in place of the background update process even if the communication speed is equal to or smaller than the predetermined threshold value, in the case where the size of the latest pattern file is tiny.

[0081] If the user selects "not use", the terminal 101 executes an immediate update process (step S7) to assure security, and starts communications by other programs after completion of the pattern file update process.
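
The decision flow of FIG. 9 described in paragraphs [0076] to [0081], written out as an added example that is not part of the patent text. The names `Plan`, `plan_update`, `exposed` and `flow_is_safe`, the numeric speeds, and applying the tiny-file exception before the user prompt are assumptions made for illustration; the last function checks that no branch lets other traffic reach a terminal with a stale pattern file unscreened.

```python
from dataclasses import dataclass
from enum import Enum
from itertools import product


class Update(Enum):
    NONE = "none"              # pattern file already latest
    IMMEDIATE = "immediate"    # step S7: other programs wait for the update
    BACKGROUND = "background"  # step S9: update runs alongside other traffic


@dataclass(frozen=True)
class Plan:
    update: Update
    screened: bool  # True: other traffic goes via screening server 105


def plan_update(is_latest, speed, threshold, use_screening, tiny_file=False):
    """Steps S2-S9 of FIG. 9. Speed units are arbitrary but must match."""
    if is_latest:
        # S3: no update needed; user picks screened (S4) or normal (S5).
        return Plan(Update.NONE, use_screening)
    # S6: stale pattern file, so compare link speed with the threshold.
    if speed > threshold or tiny_file:
        # S7: fast link, or a tiny file on a slow link (assumed ordering).
        return Plan(Update.IMMEDIATE, False)
    if use_screening:
        # S8 "use" -> S9: background update, other traffic screened.
        return Plan(Update.BACKGROUND, True)
    # S8 "not use" -> S7: immediate update to assure security.
    return Plan(Update.IMMEDIATE, False)


def exposed(is_latest, plan):
    """True if other traffic could flow unscreened while the file is stale."""
    return (not is_latest and plan.update is not Update.IMMEDIATE
            and not plan.screened)


def flow_is_safe(threshold=100):
    """Exhaustively check that no input combination leaves the terminal exposed."""
    cases = product([True, False], [threshold - 1, threshold, threshold + 1],
                    [True, False], [True, False])
    return not any(exposed(latest, plan_update(latest, s, threshold, use, tiny))
                   for latest, s, use, tiny in cases)
```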

[0082] In this embodiment, when the communication speed is equal to or smaller than the predetermined threshold value, the terminal prompts the user to select if the screening server 105 is used. Alternatively, the screening server 105 may be forcibly used without asking the user. Also, whether or not the screening server 105 is used may be automatically determined based on the urgent level of the pattern file. If the urgent level is low, a background update process may be executed without using the screening server 105.
[0083] When the screening server 105 is used, all packets sent to the terminal 101 are to be analyzed. Alternatively, only packets associated with mail messages such as POP, IMAP, SMTP, and the like may be analyzed.

[0084] In this embodiment, the terminal 101 and screening server 105 are connected via a local communication route, but may be connected via a physical connection. For example, the access point 102 may have a function of the screening server 105.
[0085] According to this embodiment, even when the pattern file update process takes time, a communication can be immediately made while assuring security, and a secure communication can be realized without impairing user's convenience.

[0086] In the first, second, third, and fourth embodiments of the present invention, the terminal 101 checks if the pattern file is to be updated, and determines a pattern file update process plan. Alternatively, the file server 103 or access point 102 may make such determination, and may send an instruction to the terminal 101. In this way, by determining a process plan by a common server other than the terminal 101, the security of the terminal 101 can be maintained independently of the user.

[0087] In this case, in place of the process in which the terminal 101 checks the latest version of the pattern file in the first, second, third, and fourth embodiments, the file server 103 is informed of the version number of the pattern file currently installed in the terminal 101 and the communication speed between the terminal 101 and access point 102. The file server 103 then determines the necessity of version up and an update process plan if version up is required on the basis of the received information, and replies the determined contents to the terminal 101.

[0088] In the second, third, and fourth embodiments of the present invention, the terminal 101 checks the communication speed. Alternatively, the access point 102 may check the communication speed, and inform the terminal 101 of it.

[0089] Furthermore, in the second, third, and fourth embodiments of the present invention, an update process plan is determined in accordance with the communication speed between the terminal 101 and access point 102. However, the present invention is not limited to this. For example, an update process plan may be determined in accordance with the communication speed between the terminal 101 and, e.g., the file server 103. In this case, either the terminal 101 or file server 103 may check the communication speed.

[0090] In the first, second, third, and fourth embodiments of the present invention, the pattern file update process of the anti-virus program has been explained. However, the present invention is not limited to this, and can be applied to version up of the anti-virus program itself which runs on the terminal 101, and also downloading a patch that fixes bugs of an OS and application software.

[0091] In the second, third, and fourth embodiments of the present invention, an update process plan is determined in consideration of the communication speed (bandwidth). However, upon determining an update process plan, the connected location of the terminal 101 may be considered in addition to the communication speed.

[0092] For example, a case will be examined below wherein the terminal 101 has both the functions of a wireless LAN terminal and portable phone. If the terminal 101 is connected as a portable phone, since the communication bandwidth is narrow and high communication cost of, e.g., packet communications is required, download is preferably suppressed. On the other hand, if the terminal 101 can be connected as a wireless LAN terminal, since the communication bandwidth is broad and low communication cost is required, download is preferably selected. In this way, high-level security measures can be taken while reducing the communication cost, without impairing user's convenience upon updating the pattern file.

[0093] For example, a case will be examined below wherein a service that links an attraction in an amusement center such as a play park or the like with contents such as video, music, and the like to be distributed to a terminal via a wireless communication is to be received. In order to suppress the deviation between the attraction and the contents distribution timing, download of the pattern file is preferably suppressed. As a practical suppression method, for example, a method of setting a high threshold value (communication bandwidth, evaluation criterion of urgent level of a pattern file, and the like) used to determine if a pattern file is to be downloaded, a method of forcing to use a screening server, and the like may be used.



Claims 

1. In a communication system including a first network (104) on which a file server (103) and an access point (102) are connected via a first communication link and a second network (114) on which the access point (102) and a terminal (101) are connected via a second communication link, wherein the terminal (101) establishes a connection with the access point (102) to access a file on the file server (103), a download control method characterized by comprising:

accessing from the terminal (101) to the file server (103) through the access point (102) to request the file;

selecting a download process from one of a foreground process, background process and postponement process; and

executing the download process to download the file from the file server (103) to the terminal (101).

2. The method according to claim 1, characterized by further comprising:

accepting an instruction from the terminal; and

selecting the download process according to the instruction.

3. The method according to claim 1, characterized by further comprising:

detecting a communication speed over the second communication link; and

selecting the download process according to the communication speed, wherein if the communication speed is faster than a predetermined threshold value, the foreground process is selected and if the communication speed is slower than the predetermined threshold value, the background process is selected.

4. The method according to claim 1, characterized by further comprising:

monitoring during the background process, a use ratio of a bandwidth assured for communications by other programs in the terminal (101); and

controlling a bandwidth assured for the background process depending on the use ratio.

5. The method according to claim 1, characterized by further comprising:

selecting the download process based on an urgent level of the file.

6. The method according to claim 1, characterized by further comprising:

notifying a size of the file from the file server (103) to the terminal (101); and

selecting the download process depending on the size of the file.

7. The method according to claim 1, characterized by further comprising:

determining a download process from one of a foreground process, background process and postponement process by the file server (103); and

instructing the terminal (101) to execute the download process for a file to be downloaded to the terminal (101).

8. The method according to claim 7, characterized by further comprising:

detecting a communication speed between the file server (103) and the terminal (101) over the first communication link and the second communication link by the file server (103).

9. The method according to claim 1, characterized in that:

determining a download process from one of a foreground process, background process and postponement process by the access point (102); and

instructing the terminal (101) to execute the download process for a file to be downloaded to the terminal (101), which is stored in the file server (103).

10. The method according to claim 9, characterized by 
further comprising: 

detecting a communication speed between the 
access point (102) and the terminal (101) over 
the second communication link by the access 
point (102). 

11. The method according to claim 1, characterized by further comprising:

determining whether or not a communication between the terminal (101) and an external computer (106) goes through a screening server (105).

12. A communication system characterized by comprising:

a first network (104) on which a file server (103) and an access point (102) are connected via a first communication link, the file server storing a file; and

a second network (114) on which the access point (102) and a terminal (101) are connected via a second communication link, wherein the terminal (101) establishes a connection with the access point (102) to access the file server (103), and

wherein the terminal (101) accesses the file server (103) through the access point (102) to request the file, selects a download process from one of a foreground process, background process and postponement process, and executes the download process to download the file from the file server (103).

13. The system according to claim 12, characterized in that the terminal (101) forcibly selects the download process according to a user instruction.

14. The system according to claim 12, characterized in that:

the terminal (101) detects a communication speed over the second communication link; and

the terminal (101) selects the download process according to the communication speed so that if the communication speed is faster than a predetermined threshold value, the foreground process is selected and if the communication speed is slower than the predetermined threshold value, the background process is selected.

15. The system according to claim 12, characterized in that:

the terminal (101) monitors, during the background process, a use ratio of a bandwidth assured for communications by other programs; and

the terminal (101) controls a bandwidth assured for the background process depending on the use ratio.

16. The system according to claim 12, characterized in that the terminal (101) selects the download process based on an urgent level of the file.

17. The system according to claim 12, characterized by further comprising:

a screening server configured to protect the terminal (101) from acquiring a virus during at least the background process.

18. The system according to claim 12, characterized in that:

the file server (103) notifies a size of the file to the terminal (101); and

the terminal (101) selects the download process depending on the size of the file.

19. The system according to claim 12, characterized in that:

the file server (103) determines a download process from one of a foreground process, background process and postponement process; and

the file server (103) instructs the terminal (101) to execute the download process for a file to be downloaded to the terminal (101).

20. The system according to claim 19, characterized in that the file server (103) detects a communication speed between the file server (103) and the terminal (101) over the first communication link and the second communication link.

21. The system according to claim 12, characterized in that:

the access point (102) determines a download process from one of a foreground process, background process and postponement process; and

the access point (102) instructs the terminal (101) to execute the download process for a file to be downloaded to the terminal (101), which is stored in the file server (103).

22. The system according to claim 21, characterized in that the access point (102) detects a communication speed between the access point (102) and the terminal (101) over the second communication link.

23. The system according to claim 12, characterized in that the terminal (101) determines whether or not a communication between the terminal (101) and an external computer (106) goes through a screening server (105).